Articles about Malware

Regin super-malware has Five Eyes fingerprints all over it says Kaspersky

The Regin malware, often described as the devil spawn of Stuxnet and Duqu, is the handiwork of the Five Eyes nation state spy apparatus, analysis reveals. The malware was named in November by researchers impressed with the smarts that helped it hide in plain sight for up to six years. Analysis overnight by Kaspersky malware …
Darren Pauli, 28 Jan 2015

AT LAST: Australia gets its very own malware

Australians are being targeted by a new variant of the Carberp malware under what appears to be renewed criminal interest in the antipodes. The modified trojan, Carberp.C, was spread through a spam operation masquerading as a payment invoice. Virus writers pushed the malware out a day after coding it, Symantec researcher …
Darren Pauli, 19 Jan 2015
Malware

158 new malware created EVERY MINUTE

Malware monitors PandaLabs says 227,747 new malware samples are released every day. The findings from its recent survey found 20 million samples were created in the third quarter of 2014. Three quarters of infections were trojans while only 9 percent were viruses and 4 percent worms. The number of trojans rose 13 percent over …
Darren Pauli, 06 Nov 2014

FBI opens Malware Investigator portal to industry

The Federal Bureau of Investigations has released a formerly in-house malware-analysing portal to help speed up incident responses and help industry and law enforcement with investigations. The G-men hope the Malware Investigator portal can let businesses build responses to new malware without such heavy reverse-engineering …
Darren Pauli, 30 Sep 2014

Researcher says Aussie spooks help code Five Eyes mega malware

The Australian Signals Directorate (ASD) has refused to comment on allegations it had a hand in the creation of a keylogging module used by global spookhauses and considered almost identical to parts of the complex Regin malware. Security bods fingered its involvement due to a file path in the malware's code that referenced the …
Darren Pauli, 29 Jan 2015

POS malware crooks hack IP cams to validate targets

Carders operating the BackOff point of sales malware are hacking IP cameras to make sure their targets are worth attacking, says researcher Rotem Kerner says. The research plugs a "critical" gap in a July disclosure by the US CERT, which warned the popular carder malware was being flung at businesses using remote desktop …
Darren Pauli, 24 Dec 2014

FACEPALM! HP cert used to sign malware

HP accidentally signed some malware, according to Krebs on Security. Krebs reports that the certificate was “used to cryptographically sign software components that ship with many of its older products”, mostly for PC software, but that back in 2010 it was also used to sign some malware. HP will therefore revoke the certificate …
Simon Sharwood, 12 Oct 2014
Facebook privacy image

Facebook cosies up to ESET for malware detection

Facebook, which earlier this year started partnering with F-Secure and Trend Micro for malware detection, has added Slovak vendor ESET to its suite of security products. The previous tie-ups, detailed here, are worth noting to put the new partnership in context. F-Secure and Trend both pointed Facebook users at their free online …
Cartoon of  green skeletal figure reaching out of phone

DeathRing: Cheapo Androids pre-pwned with mobile malware

A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain. DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian …
John Leyden, 04 Dec 2014
apple mac malware vxer

This Apple Mac has malware. How do I mop up?

Readers' Corner We all know that Macs don't get PC viruses. But they can and sometimes do get Mac viruses. Hence this terse request from Dewix in El Reg forums. Mother-in-law has managed to get malware on her Mac. Anyone recommend a no fuss AV? Somewhat sparse on the details, Dewix. Reg readers can you help? Recommendations here. Thank- …
Aaron Milne, 16 Jun 2014

jQuery site popped to serve malware slop

The jQuery site served credential-stealing malware to scores of users who visited the website on September 18, researcher James Pleger says. The super-popular JavaScript library was used by 30 percent of websites including 70 percent of the 10,000 most popular sites which may have been compromised by the RIG exploit kit. jQuery …
Darren Pauli, 24 Sep 2014
Hacker baseball cap

Hackers use DRAFT emails as dead-drops for running malware

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments. Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the …
John Leyden, 06 Nov 2014

P0wning for the fjords: Malware turns drones into DEAD PARROT

Hacker Rahul Sasi has found and exploited a backdoor in Parrot AR Drones that allows the flying machines to be remotely hijacked. The Citrix engineer developed what he said was the first malware dubbed Maldrone which exploited a new backdoor in the drones. Sasi (@fb1h2s) said the backdoor could be exploited for Parrot drones …
Darren Pauli, 27 Jan 2015
Toy Story

Researcher details how malware gives AV the slip

Researcher James Wyke has discovered throw-off tactics used by malware to frustrate investigators. These tactics were part of a suite of impressive methods VXers used to find technical artifacts that could help them distinguish between computers belonging to victims and those used by malware researchers. While malware writers …
Darren Pauli, 26 Aug 2014

Dirtbags dressed up malware as legit app using Sony crypto-certs

Miscreants were quick to capitalize on the theft of Sony's cryptographic certificates – used to sign a software nasty to make it look legit. An analysis of malware dubbed Destover was published by Kaspersky Lab on Tuesday, and shows the code was signed using a private certificate belonging to Sony to evade malware filters. …
Iain Thomson, 10 Dec 2014

Malware coders adopt DevOps to target smut sites

Linux-served porn sites may offer devs more than they bargained for after villains behind one of 2014's nastiest malware campaigns changed tactics to hit adult sites with stealthier wares. The Windigo campaign was revealed in March 2014 to have over the previous two years infected 25,000 Unix and Linux servers, with some 10,000 …
Darren Pauli, 12 Jan 2015

Watch this! The changing face of malware

Video Youtube Video The anti-malware software industry seems to be fighting a losing battle, with Symantec even declaring antivirus "dead". In this online tutorial Darryl MacGregor, principal technologist for information security at IT training biz QA, discusses the best strategies for protecting your information assets in the near …
David Gordon, 21 May 2014

IEEE expands malware initiatives

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives. The organisation's Anti-Malware Support Service (AMSS) is designed to …
Hacked sarcasm

Backoff malware attacks hit 'more than 1,000 big businesses', warns US government

A Point-of-Sale malware attack that struck shipping outfit UPS has compromised the networks of a "significant" number of major businesses in the US, according to the country's Homeland Security office. The US administration's Computer Emergency Readiness Team (CERT) advised administrators and operators of PoS systems to …
Kelly Fiveash, 23 Aug 2014

15 MEEELLION malware-infested mobiles worldwide – report

Incidences of malicious software (malware) being identified on mobile devices rose 17% in the first half of this year, according to a new study. A report by French communications giant Alcatel-Lucent estimated that approximately 15 million mobile devices worldwide could be infected with malware. The report said that the mobile …
OUT-LAW.COM, 09 Sep 2014

Kaspersky exposes SONY-CRIPPLING malware DETAILS

Kaspersky bod Kurt Baumgartner has released more details on the Sony-plundering malware and links it to attacks on Saudi Aramco and South Korea. Research conducted in the wake of the epic Sony breach last month had connected those behind the attack known as the Guardians of Peace (GOP) with the 2012 hacking of Saudi Aramco by ' …
Darren Pauli, 08 Dec 2014
apple mac malware vxer

Apple blats WireLurker OS X, iOS malware – but fanbois aren't safe yet

It appears the WireLurker malware threatening Macs, iPads and iPhones has, for now, been partially neutralized. Apple told The Reg it has revoked a previously legit cryptographic certificate the malware was using to sign itself: this certificate tricked iOS devices into trusting and installing WireLurker's malicious apps. Now …
Shaun Nichols, 07 Nov 2014
Orange Credit Card

Home Depot: 56 million bank cards pwned by malware in our tills

Home Depot today admitted 56 million bank cards are at risk after they were used in malware-infected tills. The DIY giant on Thursday revealed that a software nasty infiltrated its PC-powered registers between April and September in the US and Canada. Cards swiped through the compromised machines could be accessed by the malware …
Shaun Nichols, 18 Sep 2014
Bitcoin system would kill mammoth mining pools

Fifteen countries KO'd in malware one-two punch

Someone suspected to be backed by a nation state is attacking embassies of former soviet states with a malware tool that has infiltrated networks across more than 15 countries. Hacked embassies of unnamed former soviet states include those located in: France; Belgium; Ukraine; China; Jordan; Greece; Kazakhstan; Armenia; Poland, …
Darren Pauli, 12 Aug 2014
Cartoon of  green skeletal figure reaching out of phone

Chinese cops cuff teen over Heart App Android malware flap

Chinese authorities have arrested a 19-year-old suspected of unleashing a fast spreading strain of malware that infects Android smartphones. Police told Chinese newspapers including Sina.com that "Li", a 19-year-old software engineering student, was cuffed in Shenzhen on suspicion of creating the Heart App Android malware within …
John Leyden, 12 Aug 2014
Azure Index

Microsoft releases free anti-malware for Azure VMs

Free anti-malware software is not hard to find: even reputable vendors offer product at the low, low, price of $0.00 for client devices/ Microsoft is now doing the same for servers – or at least for virtual machines in its Azure cloud with a new offering called (deep breath now) Microsoft Antimalware for Azure Cloud Services and …
Simon Sharwood, 06 Nov 2014
apple mac malware vxer

Google makes malware microscope Mac mod

Google has upgraded its popular VirusTotal analysis tool by adding an Mac OS malware uploader in a bid to better understand increasing attacks against Cupertino's fruity 'puters. The tool has been made available for OS X 10.8 and 10.9. Malware and suspicious URL samples uploaded to VirusTotal are checked against 52 anti-malware …
Darren Pauli, 27 May 2014

Windows Registry-infecting malware has no files, survives reboots

Researchers have detailed a rare form of Windows malware that maintains infection on machines and steals data without installing files. The malware resides in the computer registry only and is therefore not easy to detect. It code reaches machines through a malicious Microsoft Word document before creating a hidden encoded …
Darren Pauli, 04 Aug 2014
Nuclear bomb image

Intruder alert: Cyber thugs are using steganography to slip in malware badness

Common or garden cybercrooks have taken to using steganography – the art of hiding secret information within another image or message file – to run a click-fraud scam. Steganography has long been the stuff of spy trade-craft and cypherpunk novels, but now cybercrooks have made the practice downmarket by applying it to the Lurk …
John Leyden, 08 Aug 2014
Malware

Attackers raid SWISS BANKS with DNS and malware bombs

Attackers suspected of residing in Russia are raiding Swiss bank accounts with a multi-faceted attack that intercepts SMS tokens and changes domain name system settings, researchers have warned. The attacks sported a clever implementation of malware that pointed victim machines to replica phishing bank sites when they attempt to …
Darren Pauli, 23 Jul 2014
bug on keyboard

Researchers warn of resurgent Sefnit malware

A malware infection which drew headlines January has returned and is using new techniques to infect and spread amongst users. Known as Sefnit, the botnet infection was spotted in September of 2013 and triggered alarms earlier this year when researchers warned that millions of systems were likely infected with the malware. …
Shaun Nichols, 29 Apr 2014
bug

Secluded HijackRAT: Monster mobile malware multitool from HELL

Cybercrooks have brewed up a malicious Android app that bundles a raft of banking fraud tricks into a single strain of mobile malware. The Secluded HijackRAT is banking trojan that packs together new and previously unseen tricks, according to net security firm FireEye. The mobile nasty combines private data theft, banking …
John Leyden, 03 Jul 2014

ISC.org website hacked: Scan your PC for malware if you stopped by

The website for the Internet Systems Consortium, which develops the BIND DNS and ISC DHCP tools, has been hacked. Anyone who recently browsed ISC.org is urged to check their PC for malware as miscreants booby-trapped the site to infect visitors. The website has been replaced by a placeholder page warning netizens of the attack …
Chris Williams, 26 Dec 2014
Gold iPhone 5s, in'it?

Reddit users discover iOS malware threat

Users on a mobile phone hacking subreddit are being credited with the discovery of a malware infection targeting iOS users. The r/jailbreak community uncovered the infection while assisting a user who had been noticing unusual activity on his jailbroken iPhone. Known as 'Unflod Baby Panda', the infection targets jailbroken iOS …
Shaun Nichols, 18 Apr 2014
Google bouncer

Droid malware cloak outwits Google Bouncer and friends

Google's Bouncer Android defence tool is one of a dozen malware detection platforms that can be flawlessly skirted by malware employing smarter heuristics, researchers have found. Malware kitted out with virtual machine detection functions and clever heuristics could bypass seemingly any detection platform on the market. …
Darren Pauli, 13 May 2014
Ben Gurion University professor Yuval Elovici

Israel develops wireless-malware-injection-by-smartmobe tool

It's not the next Daniel Suarez plot; Israeli academics have developed software they say can use your mobile phone to detect electrical impulses, and foist malware to computers physically disconnected from any internet facing network. Ben Gurion University professor Yuval Elovici told The Times of Israel that his team …
Darren Pauli, 12 Jun 2014
Flytrap

CoolReaper pre-installed malware creates backdoor on Chinese Androids

Security researchers have discovered a backdoor in Android devices sold by Coolpad, a Chinese smartphone manufacturer. The “CoolReaper” vuln has exposed over 10 million users to potential malicious activity. Palo Alto Networks reckons the malware was “installed and maintained by Coolpad despite objections from customers”. It's …
John Leyden, 18 Dec 2014

FBI warns of disk NUKE malware after Sony Pictures megahack

The FBI has alerted US businesses to data-wiping malware after hackers, possibly in North Korea, ransacked computers at Sony Pictures. The malicious software described in the Feds' warning is pretty close to the malware believed to have infiltrated Sony's network. Miscreants have leaked gigabytes of passwords, personal records, …
John Leyden, 02 Dec 2014

Tor exit node mashes malware into downloads

A Tor exit node has been found slapping malware onto downloads as users exit the hidden network and enter the public web. Leviathan Security Group researcher Josh Pitts found the operator of the Russia-based node compromising binaries only a month after raising concerns of the possible attack. He created the Backdoor Factory …
Darren Pauli, 27 Oct 2014
Malware

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. Late …
John Leyden, 20 Oct 2014

Sync'n'steal: Hackers brew Android-targeting Windows malware

Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets. The Droidpak mobile banking trojan exploits syncing between smartphones and Windows PCs to jump from a compromised PC onto an Android device. The Windows Trojan downloads a malicious .APK file …
John Leyden, 27 Jan 2014
Fail and You

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain back to reveal a little more about …
Iain Thomson, 17 Jul 2014
bug on keyboard

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Malware dubbed Mayhem is spreading through Linux and FreeBSD web servers, researchers say. The software nasty uses a grab bag of plugins to cause mischief, and infects systems that are not up to date with security patches. Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov, who work at Russian internet portal Yandex, …
Iain Thomson, 18 Jul 2014

Malware analysts tell crooks to shape up and write decent code

Blackhats beware: reverse engineers are laughing at your buggy advanced persistent threat (APT) malware. You've done pretty well though: your custom payloads were effective at breaking into enterprises and the damage it did was quite devastating. But many were being found and added to anti-malware signatures all too quickly. …
Darren Pauli, 10 Oct 2014
Cartoon of  green skeletal figure reaching out of phone

Malware-as-a-service picks Android apart

Quite possibly the most expensive and capable Android malware the world has yet seen is for sale at $US5000 on underground markets, replete with software-as-a-service support. The iBanking malware has evolved from a simple SMS-stealer to a highly capable application that records audio within the range of a device's microphone, …
Darren Pauli, 22 May 2014
ISIS leader Shakir Wahiyib with Facebook thumbs-up

New fear: ISIS killers use 'digital AK-47' malware to hunt victims

Malware has emerged from war-torn Syria targeting those protesting the rule of ISIS (ISIL, Islamic State, whatever the murderous humanity-hating fanatics are calling themselves these days.) The trivial Windows spyware, analyzed by University of Toronto internet watchdog Citizen Lab, was sent out in a small number of emails aimed …
Iain Thomson, 18 Dec 2014
Remy from Ratatouille

Another RAT crawls out of the malware drain

Yet another banking trojan has appeared, using browser hooking to steal data from Internet Explorer, Chrome and Firefox users. Dyreza, or Dyre, is pitched the usual way, via a phishing e-mail (a lesson that's never learned well enough for the approach to fail), and the e-mail contains what purports to be a zipped document that …
android tongue

Malware gets your Android blabbering to HACKERS

Researchers from the Chinese University of Hong Kong have developed bizarre malware that dictates contacts, emails and other sensitive text data in order to steal it. In the novel attack a seemingly innocuous app that required no permissions called a bad guy's phone number and blabbered the stolen data out of the speakers and …
Darren Pauli, 29 Jul 2014

PC-infecting chat demon quotes THE BIBLE to summon malware plague

A new Trojan that distributes itself through Facebook instant messaging and Yahoo! Messenger has claimed hundreds of victims. Computer systems have been infected by the software nasty in the UK, Germany, France, Denmark, Romania, the US and Canada during the past week or so, according to Romanian antivirus firm Bitdefender. …
John Leyden, 27 May 2014

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Video Thieves are sneaking malware dubbed Tyupkin into ATMs to force them to cough millions of dollars, we're told. The crims don't need to use stolen or cloned cards. Instead, fraudsters infect the ATM's on-board PC, and later type a special combination of digits on the PIN keypad to drain the machine of banknotes – that's according …
John Leyden, 08 Oct 2014